Black Bag Training Team continues Windows Forensic Essentials Blog Series with a post about forensic examination of Windows Event Logs. They explain what event logs are, how to parse it with their tool – BlackLightÂź, discuss log-on events and changing the date and time.
If you want to improve your Mac forensics skills, here is a very interesting and useful article by Jonathon Poling. It’s entitled “Mac Dumpster Diving â Identifying Deleted File References in the Trash (.DS_Store) Files” and will teach you how to identify deleted files references using .DS_Store. In the article Jonathon uses, among others, Sebastian Neef”s .DS_Store parser, so don’t forget to …
Here is an article by Cosimo Anglano, Massimo Canonico and Marco Guazzone on forensic analysis of the ChatSecure app on Android smartphones.
There are a number of techniques that the perpetrator of an offence may use to hide data. These techniques include storing data on external devices or within encrypted containers. Although there are a number of recorded artefacts for the Windows operating system which may prove this, there is less information for artefacts for the Linux operating system. The Gnome Virtual …
The records maintained by Jump Lists have the potential to provide a rich source of evidence about users’ historic activity to the forensic investigator.
Dynamic-analysis techniques have become the linchpins of modern malware analysis. However, software-based methods have been shown to expose numerous artifacts, which can either be detected and subverted, or potentially interfere with the analysis altogether, making their results untrustworthy. The need for less-intrusive methods of analysis has led many researchers to utilize introspection in place of instrumenting the software itself. While …
This paper documents anti-forensics techniques of a secure messaging application named âWickrâ on the Android platforms. Advertised as an application that focuses on security, Wickr provides many anti-forensics features, such as ephemeral messaging and end-to-end encryption. This paper analyses Wickr in detail using experimental research methods. The results revealed how Wickrâs file deletion consisted of distinct stages beginning with a …
In this article the authors give an overview of the current status of the forensic analysis techniques and processes of cloud incidents.
In this article forensic artefacts of Windows 10 Facebook App are extracted from SQLite databases and their forensic importance is discussed.
Here is Andrew Case’ presentation on memory forensics of Linux and Mac systems from Enfuse 2016.
Login
